Vulnerabilities related to vmware - vrealize_log_insight
Vulnerability from fkie_nvd
Published
2018-11-13 22:29
Modified
2024-11-21 04:11
Severity
Summary
VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view-only permission to perform certain administrative functions that they are not allowed to perform.
References
Source | URL | Tags | |
---|---|---|---|
security@vmware.com | http://www.securityfocus.com/bid/105925 | Third Party Advisory, VDB Entry | |
security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2018-0028.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105925 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2018-0028.html | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | vrealize_log_insight | * | |
vmware | vrealize_log_insight | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*", matchCriteriaId: "599C444E-8260-4F76-B5C0-E120C7522E7A", versionEndExcluding: "4.6.2", versionStartIncluding: "4.6", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*", matchCriteriaId: "9D6D7395-BA48-433E-9F15-10AE63A85710", versionEndExcluding: "4.7.1", versionStartIncluding: "4.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform.", }, { lang: "es", value: "VMware vRealize Log Insight (versiones 4.7.x anteriores a la 4.7.1 y versiones 4.6.x anteriores a la 4.6.2) contiene una vulnerabilidad debido a la autorización incorrecta en el método de registro de usuarios. 
Su explotación con éxito podría permitir que los usuarios administradores con el permiso \"view only\" realicen ciertas funciones administrativas que no se les permite realizar.", }, ], id: "CVE-2018-6980", lastModified: "2024-11-21T04:11:31.510", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-11-13T22:29:00.237", references: [ { source: "security@vmware.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105925", }, { source: "security@vmware.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.vmware.com/security/advisories/VMSA-2018-0028.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105925", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.vmware.com/security/advisories/VMSA-2018-0028.html", }, ], sourceIdentifier: "security@vmware.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: 
"CWE-863", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-10-13 16:15
Modified
2024-11-21 05:49
Severity
Summary
VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV (Comma Separated Value) injection vulnerability in the interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight, which could be executed in the user's environment.
References
Source | URL | Tags | |
---|---|---|---|
security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0022.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0022.html | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | cloud_foundation | * | |
vmware | vrealize_log_insight | * | |
vmware | vrealize_suite_lifecycle_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*", matchCriteriaId: "67763E17-BABE-4A25-95BC-2B5F1666705C", versionEndIncluding: "4.3.1", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*", matchCriteriaId: "BECE8925-3981-4FB9-979E-CDFC1A55A13F", versionEndExcluding: "8.60", versionStartExcluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "61B2C07D-4AD4-458B-86CA-FB2CA45A8EA7", versionEndIncluding: "8.2", versionStartIncluding: "8.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.", }, { lang: "es", value: "VMware vRealize Log Insight (versiones 8.x anteriores a 8.6) contienen una vulnerabilidad de inyección de CSV (Valores Separados por Comas) en la función interactive analytics export. 
Un actor malicioso autenticado con privilegios no administrativos puede ser capaz de insertar datos no confiables antes de exportar una hoja CSV mediante Log Insight que podría ser ejecutada en el entorno del usuario", }, ], id: "CVE-2021-22035", lastModified: "2024-11-21T05:49:28.620", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-10-13T16:15:07.690", references: [ { source: "security@vmware.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.vmware.com/security/advisories/VMSA-2021-0022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.vmware.com/security/advisories/VMSA-2021-0022.html", }, ], sourceIdentifier: "security@vmware.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 18:15
Modified
2024-11-21 05:32
Severity
Summary
A Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper input validation.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | vrealize_log_insight | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*", matchCriteriaId: "34B2D584-D67D-42EE-86D3-F6C9386F5899", versionEndExcluding: "8.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.", }, { lang: "es", value: "Hay una vulnerabilidad de tipo Cross Site Scripting (XSS) en VMware vRealize Log Insight versiones anteriores a 8.1.0, debido a una comprobación de entrada inapropiada.", }, ], id: "CVE-2020-3953", lastModified: "2024-11-21T05:32:01.627", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T18:15:15.520", references: [ { source: "security@vmware.com", tags: [ "Vendor Advisory", ], url: "https://www.vmware.com/security/advisories/VMSA-2020-0007.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"https://www.vmware.com/security/advisories/VMSA-2020-0007.html", }, ], sourceIdentifier: "security@vmware.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-08-31 01:59
Modified
2024-11-21 02:54
Severity
Summary
Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | vrealize_log_insight | 2.0 | |
vmware | vrealize_log_insight | 2.0.5 | |
vmware | vrealize_log_insight | 2.5 | |
vmware | vrealize_log_insight | 3.0 | |
vmware | vrealize_log_insight | 3.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:2.0:*:*:*:*:*:*:*", matchCriteriaId: "ECA721D3-A31B-4B0C-A9B3-0729E5A486E6", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "3981C264-6EBB-496E-BE5A-1670FABAFAF3", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:2.5:*:*:*:*:*:*:*", matchCriteriaId: "B59B01D4-7ED4-4A20-958D-BC5AB8CD5604", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:3.0:*:*:*:*:*:*:*", matchCriteriaId: "35562FBD-9183-45E8-8E3F-3E24CCFDD759", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:3.3:*:*:*:*:*:*:*", matchCriteriaId: "C9F7C79B-09A9-42F3-AD1A-0BACE2FB5D17", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors.", }, { lang: "es", value: "Vulnerabilidad de salto de directorio en VMware vRealize Log Insight 2.x y 3.x en versiones anteriores a 3.6.0 permite a atacantes remotos leer archivos arbitrarios a través de vectores no especificados.", }, ], id: "CVE-2016-5332", lastModified: "2024-11-21T02:54:07.100", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", 
baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-08-31T01:59:16.357", references: [ { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/92448", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1036619", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.vmware.com/security/advisories/VMSA-2016-0011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/92448", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036619", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.vmware.com/security/advisories/VMSA-2016-0011.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-30 19:15
Modified
2024-11-21 05:49
Severity
Summary
VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link.
References
Source | URL | Tags | |
---|---|---|---|
security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0019.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0019.html | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | cloud_foundation | * | |
vmware | vrealize_log_insight | * | |
vmware | vrealize_log_insight | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*", matchCriteriaId: "722CF000-C0A1-4704-BDC6-3446D1530F3B", versionEndExcluding: "4.3", versionStartIncluding: "4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*", matchCriteriaId: "F651BAC0-AA2B-4448-95AB-B37815BC2F1A", versionEndIncluding: "4.8", versionStartIncluding: "4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*", matchCriteriaId: "6583A319-9261-4891-92AE-A0F429FF0A0D", versionEndExcluding: "8.4", versionStartIncluding: "8.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link.", }, { lang: "es", value: "VMware vRealize Log Insight (versiones 8.x anteriores a 8.4) contiene una vulnerabilidad de tipo Cross Site Scripting (XSS) debido a una comprobación inapropiada de la entrada del usuario. 
Un atacante con privilegios de usuario puede ser capaz de inyectar una carga útil maliciosa por medio de la interfaz de usuario de Log Insight que se ejecutaría cuando la víctima acceda al enlace del panel compartido.", }, ], id: "CVE-2021-22021", lastModified: "2024-11-21T05:49:27.277", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-30T19:15:08.457", references: [ { source: "security@vmware.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.vmware.com/security/advisories/VMSA-2021-0019.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.vmware.com/security/advisories/VMSA-2021-0019.html", }, ], sourceIdentifier: "security@vmware.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-14 19:15
Modified
2024-11-21 07:05
Severity
Summary
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | vrealize_log_insight | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*", matchCriteriaId: "729C09FE-9824-4C13-990B-E51800B6329B", versionEndIncluding: "8.10.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.", }, { lang: "es", value: "vRealize Log Insight contiene una vulnerabilidad de directory traversal. Un actor malicioso no autenticado puede inyectar archivos en el Sistema Operativo de un dispositivo afectado, lo que puede resultar en la ejecución remota de código.", }, ], id: "CVE-2022-31703", lastModified: "2024-11-21T07:05:10.293", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-14T19:15:13.123", references: [ { source: "security@vmware.com", tags: [ "Not Applicable", ], url: "https://www.vmware.com/security/advisories/VMSA-2023-0001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "https://www.vmware.com/security/advisories/VMSA-2023-0001.html", }, ], sourceIdentifier: "security@vmware.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-07-03 01:59
Modified
2024-11-21 02:47
Severity
Summary
Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | vrealize_log_insight | 2.0 | |
vmware | vrealize_log_insight | 2.0.5 | |
vmware | vrealize_log_insight | 2.5 | |
vmware | vrealize_log_insight | 2.5.1 | |
vmware | vrealize_log_insight | 3.0 | |
vmware | vrealize_log_insight | 3.0.1 | |
vmware | vrealize_log_insight | 3.3 | |
vmware | vrealize_log_insight | 3.3.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:2.0:*:*:*:*:*:*:*", matchCriteriaId: "ECA721D3-A31B-4B0C-A9B3-0729E5A486E6", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "3981C264-6EBB-496E-BE5A-1670FABAFAF3", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:2.5:*:*:*:*:*:*:*", matchCriteriaId: "B59B01D4-7ED4-4A20-958D-BC5AB8CD5604", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:2.5.1:*:*:*:*:*:*:*", matchCriteriaId: "40565FA2-BEA0-4DE8-85D0-42AD3415E2AE", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:3.0:*:*:*:*:*:*:*", matchCriteriaId: "35562FBD-9183-45E8-8E3F-3E24CCFDD759", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "45670401-3130-4504-BE48-19AEFAB0854E", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:3.3:*:*:*:*:*:*:*", matchCriteriaId: "C9F7C79B-09A9-42F3-AD1A-0BACE2FB5D17", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "CCEFB9D5-418C-4012-9961-E1FA94CDDAB6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.", }, { lang: "es", value: "Vulnerabilidad de CSRF en VMware vRealize Log Insight 2.x y 3.x en versiones 3.3.2 permite a atacantes remotos secuestrar la autenticación de victimas no especificadas a través de vectores desconocidos.", }, ], id: "CVE-2016-2082", lastModified: "2024-11-21T02:47:46.430", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: 
"NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-07-03T01:59:08.593", references: [ { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1036078", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.vmware.com/security/advisories/VMSA-2016-0008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036078", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.vmware.com/security/advisories/VMSA-2016-0008.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-26 21:15
Modified
2025-04-01 16:15
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service.
References
Source | URL | Tags | |
---|---|---|---|
security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2023-0001.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2023-0001.html | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | vrealize_log_insight | * | |
vmware | vrealize_log_insight | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*", matchCriteriaId: "78E848BE-FFD0-40D3-AA72-17E47F616661", versionEndIncluding: "4.8", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*", matchCriteriaId: "476F80CF-8F34-402E-9175-E506B844724D", versionEndExcluding: "8.10.2", versionStartIncluding: "8.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service.", }, { lang: "es", value: "vRealize Log Insight contiene una vulnerabilidad de deserialización. Un actor malicioso no autenticado puede desencadenar de forma remota la deserialización de datos que no son de confianza, lo que podría provocar una denegación de servicio.", }, ], id: "CVE-2022-31710", lastModified: "2025-04-01T16:15:16.190", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: 
"Secondary", }, ], }, published: "2023-01-26T21:15:38.037", references: [ { source: "security@vmware.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.vmware.com/security/advisories/VMSA-2023-0001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.vmware.com/security/advisories/VMSA-2023-0001.html", }, ], sourceIdentifier: "security@vmware.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-502", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-26 21:15
Modified
2025-04-02 14:15
Severity
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | vrealize_log_insight | * | |
vmware | vrealize_log_insight | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*", matchCriteriaId: "78E848BE-FFD0-40D3-AA72-17E47F616661", versionEndIncluding: "4.8", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*", matchCriteriaId: "476F80CF-8F34-402E-9175-E506B844724D", versionEndExcluding: "8.10.2", versionStartIncluding: "8.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.", }, { lang: "es", value: "vRealize Log Insight contiene una vulnerabilidad de Directory Traversal. Un actor malintencionado no autenticado puede inyectar archivos en el sistema operativo de un dispositivo afectado, lo que puede provocar la ejecución remota de código.\n", }, ], id: "CVE-2022-31706", lastModified: "2025-04-02T14:15:36.280", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: 
"134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-01-26T21:15:37.610", references: [ { source: "security@vmware.com", url: "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html", }, { source: "security@vmware.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.vmware.com/security/advisories/VMSA-2023-0001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.vmware.com/security/advisories/VMSA-2023-0001.html", }, { source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", url: "https://packetstorm.news/files/id/174606", }, ], sourceIdentifier: "security@vmware.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-22", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-26 21:15
Modified
2025-04-02 14:15
Severity
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | vrealize_log_insight | * | |
vmware | vrealize_log_insight | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*", matchCriteriaId: "78E848BE-FFD0-40D3-AA72-17E47F616661", versionEndIncluding: "4.8", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*", matchCriteriaId: "476F80CF-8F34-402E-9175-E506B844724D", versionEndExcluding: "8.10.2", versionStartIncluding: "8.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.", }, { lang: "es", value: "vRealize Log Insight contiene una vulnerabilidad de control de acceso roto. Un actor malintencionado no autenticado puede inyectar código de forma remota en archivos confidenciales de un dispositivo afectado, lo que puede provocar la ejecución remota de código.\n", }, ], id: "CVE-2022-31704", lastModified: "2025-04-02T14:15:36.047", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: 
"134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-01-26T21:15:37.320", references: [ { source: "security@vmware.com", url: "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html", }, { source: "security@vmware.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.vmware.com/security/advisories/VMSA-2023-0001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.vmware.com/security/advisories/VMSA-2023-0001.html", }, { source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", url: "https://packetstorm.news/files/id/174606", }, ], sourceIdentifier: "security@vmware.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-284", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2016-07-03 01:59
Modified
2024-11-21 02:47
Summary
Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | vrealize_log_insight | 2.0 | |
vmware | vrealize_log_insight | 2.0.5 | |
vmware | vrealize_log_insight | 2.5 | |
vmware | vrealize_log_insight | 2.5.1 | |
vmware | vrealize_log_insight | 3.0 | |
vmware | vrealize_log_insight | 3.0.1 | |
vmware | vrealize_log_insight | 3.3 | |
vmware | vrealize_log_insight | 3.3.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:2.0:*:*:*:*:*:*:*", matchCriteriaId: "ECA721D3-A31B-4B0C-A9B3-0729E5A486E6", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "3981C264-6EBB-496E-BE5A-1670FABAFAF3", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:2.5:*:*:*:*:*:*:*", matchCriteriaId: "B59B01D4-7ED4-4A20-958D-BC5AB8CD5604", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:2.5.1:*:*:*:*:*:*:*", matchCriteriaId: "40565FA2-BEA0-4DE8-85D0-42AD3415E2AE", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:3.0:*:*:*:*:*:*:*", matchCriteriaId: "35562FBD-9183-45E8-8E3F-3E24CCFDD759", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "45670401-3130-4504-BE48-19AEFAB0854E", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:3.3:*:*:*:*:*:*:*", matchCriteriaId: "C9F7C79B-09A9-42F3-AD1A-0BACE2FB5D17", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "CCEFB9D5-418C-4012-9961-E1FA94CDDAB6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, { lang: "es", value: "Vulnerabilidad de XSS en VMware vRealize Log Insight 2.x y 3.x en versiones anteriores a 3.3.2 permite a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarios a través de vectores no especificados.", }, ], id: "CVE-2016-2081", lastModified: "2024-11-21T02:47:46.293", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: 
"NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-07-03T01:59:06.907", references: [ { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1036078", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.vmware.com/security/advisories/VMSA-2016-0008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036078", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.vmware.com/security/advisories/VMSA-2016-0008.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-26 21:15
Modified
2025-04-01 16:15
Severity
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | vrealize_log_insight | * | |
vmware | vrealize_log_insight | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*", matchCriteriaId: "78E848BE-FFD0-40D3-AA72-17E47F616661", versionEndIncluding: "4.8", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*", matchCriteriaId: "476F80CF-8F34-402E-9175-E506B844724D", versionEndExcluding: "8.10.2", versionStartIncluding: "8.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.", }, { lang: "es", value: "VMware vRealize Log Insight contiene una vulnerabilidad de Divulgación de Información. Un actor malintencionado puede recopilar de forma remota información sensible de la sesión y la aplicación sin autenticación.\n", }, ], id: "CVE-2022-31711", lastModified: "2025-04-01T16:15:16.383", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: 
"2023-01-26T21:15:38.270", references: [ { source: "security@vmware.com", url: "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html", }, { source: "security@vmware.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.vmware.com/security/advisories/VMSA-2023-0001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.vmware.com/security/advisories/VMSA-2023-0001.html", }, ], sourceIdentifier: "security@vmware.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-200", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-12 21:15
Modified
2024-11-21 07:05
Summary
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.
References
Source | URL | Tags | |
---|---|---|---|
security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2022-0019.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2022-0019.html | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | vrealize_log_insight | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*", matchCriteriaId: "735632D7-30EB-43F2-94D8-B733109DF763", versionEndExcluding: "8.8.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.", }, { lang: "es", value: "VMware vRealize Log Insight en versiones anteriores a 8.8.2, contienen una vulnerabilidad de tipo cross-site scriptings almacenado debido a un saneo de entrada inapropiado en las configuraciones", }, ], id: "CVE-2022-31654", lastModified: "2024-11-21T07:05:03.267", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-12T21:15:10.257", references: [ { source: "security@vmware.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.vmware.com/security/advisories/VMSA-2022-0019.html", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.vmware.com/security/advisories/VMSA-2022-0019.html", }, ], sourceIdentifier: "security@vmware.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-12 21:15
Modified
2024-11-21 07:05
Summary
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.
References
Source | URL | Tags | |
---|---|---|---|
security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2022-0019.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2022-0019.html | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | vrealize_log_insight | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*", matchCriteriaId: "735632D7-30EB-43F2-94D8-B733109DF763", versionEndExcluding: "8.8.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.", }, { lang: "es", value: "VMware vRealize Log Insight en versiones anteriores a la 8.8.2 contienen una vulnerabilidad de tipo cross-site scripting almacenado debido a una saneo de entrada inapropiado en las alertas", }, ], id: "CVE-2022-31655", lastModified: "2024-11-21T07:05:03.437", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-12T21:15:10.307", references: [ { source: "security@vmware.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.vmware.com/security/advisories/VMSA-2022-0019.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ 
"Patch", "Vendor Advisory", ], url: "https://www.vmware.com/security/advisories/VMSA-2022-0019.html", }, ], sourceIdentifier: "security@vmware.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 18:15
Modified
2024-11-21 05:32
Summary
Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | vrealize_log_insight | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*", matchCriteriaId: "34B2D584-D67D-42EE-86D3-F6C9386F5899", versionEndExcluding: "8.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.", }, { lang: "es", value: "Hay una vulnerabilidad de Redireccionamiento Abierto en VMware vRealize Log Insight versiones anteriores a 8.1.0, debido a una comprobación de entrada inapropiada.", }, ], id: "CVE-2020-3954", lastModified: "2024-11-21T05:32:01.750", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T18:15:15.583", references: [ { source: "security@vmware.com", tags: [ "Vendor Advisory", ], url: "https://www.vmware.com/security/advisories/VMSA-2020-0007.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"https://www.vmware.com/security/advisories/VMSA-2020-0007.html", }, ], sourceIdentifier: "security@vmware.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, { lang: "en", value: "CWE-601", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2022-31704
Vulnerability from cvelistv5
Published
2023-01-25 00:00
Modified
2025-04-02 13:26
Summary
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | vRealize Log Insight (vRLI) | Version: vRealize Log Insight 8.10.1 and prior | |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:26:01.282Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.vmware.com/security/advisories/VMSA-2023-0001.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-31704", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-04-02T13:26:55.313338Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-02T13:26:58.952Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, references: [ { tags: [ "exploit", ], url: "https://packetstorm.news/files/id/174606", }, ], title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "vRealize Log Insight (vRLI)", vendor: "n/a", versions: [ { status: "affected", version: "vRealize Log Insight 8.10.1 and prior", }, ], }, ], descriptions: [ { lang: "en", value: "The vRealize Log Insight contains a broken access control vulnerability. 
An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.", }, ], problemTypes: [ { descriptions: [ { description: "VMware vRealize Log Insight broken access control Vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-11T18:06:41.000Z", orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", shortName: "vmware", }, references: [ { url: "https://www.vmware.com/security/advisories/VMSA-2023-0001.html", }, { url: "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html", }, ], }, }, cveMetadata: { assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", assignerShortName: "vmware", cveId: "CVE-2022-31704", datePublished: "2023-01-25T00:00:00.000Z", dateReserved: "2022-05-25T00:00:00.000Z", dateUpdated: "2025-04-02T13:26:58.952Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-6980
Vulnerability from cvelistv5
Published
2018-11-13 22:00
Modified
2024-08-05 06:17
Summary
VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform.
References
URL | Tags | |
---|---|---|
https://www.vmware.com/security/advisories/VMSA-2018-0028.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/105925 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
VMware | VMware vRealize Log Insight | Version: VVMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) | |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:17:17.509Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.vmware.com/security/advisories/VMSA-2018-0028.html", }, { name: "105925", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105925", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "VMware vRealize Log Insight", vendor: "VMware", versions: [ { status: "affected", version: "VVMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2)", }, ], }, ], datePublic: "2018-11-13T00:00:00", descriptions: [ { lang: "en", value: "VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform.", }, ], problemTypes: [ { descriptions: [ { description: "Authorization bypass vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-11-15T10:57:01", orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", shortName: "vmware", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.vmware.com/security/advisories/VMSA-2018-0028.html", }, { name: "105925", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105925", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@vmware.com", ID: "CVE-2018-6980", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "VMware vRealize Log Insight", version: { version_data: [ { version_value: "VVMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2)", }, ], }, }, ], }, vendor_name: "VMware", }, ], }, }, data_format: "MITRE", 
data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Authorization bypass vulnerability", }, ], }, ], }, references: { reference_data: [ { name: "https://www.vmware.com/security/advisories/VMSA-2018-0028.html", refsource: "CONFIRM", url: "https://www.vmware.com/security/advisories/VMSA-2018-0028.html", }, { name: "105925", refsource: "BID", url: "http://www.securityfocus.com/bid/105925", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", assignerShortName: "vmware", cveId: "CVE-2018-6980", datePublished: "2018-11-13T22:00:00", dateReserved: "2018-02-14T00:00:00", dateUpdated: "2024-08-05T06:17:17.509Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-2082
Vulnerability from cvelistv5
Published
2016-07-03 01:00
Modified
2024-08-05 23:17
Summary
Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References
URL | Tags | |
---|---|---|
http://www.vmware.com/security/advisories/VMSA-2016-0008.html | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1036078 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:17:50.614Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/security/advisories/VMSA-2016-0008.html", }, { name: "1036078", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036078", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-06-09T00:00:00", descriptions: [ { lang: "en", value: "Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-31T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/security/advisories/VMSA-2016-0008.html", }, { name: "1036078", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036078", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-2082", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.", }, ], }, problemtype: { problemtype_data: [ { 
description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.vmware.com/security/advisories/VMSA-2016-0008.html", refsource: "CONFIRM", url: "http://www.vmware.com/security/advisories/VMSA-2016-0008.html", }, { name: "1036078", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036078", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-2082", datePublished: "2016-07-03T01:00:00", dateReserved: "2016-01-26T00:00:00", dateUpdated: "2024-08-05T23:17:50.614Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-3953
Vulnerability from cvelistv5
Published
2020-04-15 17:20
Modified
2024-08-04 07:52
Summary
Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.
References
URL | Tags | |
---|---|---|
https://www.vmware.com/security/advisories/VMSA-2020-0007.html | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | VMware vRealize Log Insight | Version: VMware vRealize Log Insight prior to 8.1.0 | |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:52:20.252Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.vmware.com/security/advisories/VMSA-2020-0007.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "VMware vRealize Log Insight", vendor: "n/a", versions: [ { status: "affected", version: "VMware vRealize Log Insight prior to 8.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.", }, ], problemTypes: [ { descriptions: [ { description: "Stored XSS", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-15T17:20:09", orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", shortName: "vmware", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.vmware.com/security/advisories/VMSA-2020-0007.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@vmware.com", ID: "CVE-2020-3953", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "VMware vRealize Log Insight", version: { version_data: [ { version_value: "VMware vRealize Log Insight prior to 8.1.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Stored XSS", }, ], }, ], }, references: { reference_data: [ { name: "https://www.vmware.com/security/advisories/VMSA-2020-0007.html", refsource: "MISC", url: "https://www.vmware.com/security/advisories/VMSA-2020-0007.html", }, ], }, }, }, }, cveMetadata: { 
assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", assignerShortName: "vmware", cveId: "CVE-2020-3953", datePublished: "2020-04-15T17:20:09", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-08-04T07:52:20.252Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-31711
Vulnerability from cvelistv5
Published
2023-01-25 00:00
Modified
2025-04-01 15:27
Summary
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.
References
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | vRealize Log Insight (vRLI) | vRealize Log Insight 8.10.1 and prior |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:26:01.107Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.vmware.com/security/advisories/VMSA-2023-0001.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2022-31711", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-04-01T15:27:00.516102Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-01T15:27:39.781Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "vRealize Log Insight (vRLI)", vendor: "n/a", versions: [ { status: "affected", version: "vRealize Log Insight 8.10.1 and prior", }, ], }, ], descriptions: [ { lang: "en", value: "VMware vRealize Log Insight contains an Information Disclosure Vulnerability. 
A malicious actor can remotely collect sensitive session and application information without authentication.", }, ], problemTypes: [ { descriptions: [ { description: "VMware vRealize Log Insight Information Disclosure Vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-11T18:06:39.555Z", orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", shortName: "vmware", }, references: [ { url: "https://www.vmware.com/security/advisories/VMSA-2023-0001.html", }, { url: "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html", }, ], }, }, cveMetadata: { assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", assignerShortName: "vmware", cveId: "CVE-2022-31711", datePublished: "2023-01-25T00:00:00.000Z", dateReserved: "2022-05-25T00:00:00.000Z", dateUpdated: "2025-04-01T15:27:39.781Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-31703
Vulnerability from cvelistv5
Published
2022-12-14 00:00
Modified
2024-08-03 07:26
Summary
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
References
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | vRealize Log Insight (vRLI) | vRealize Log Insight 8.10.1 and prior |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:26:01.029Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.vmware.com/security/advisories/VMSA-2023-0001.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "vRealize Log Insight (vRLI)", vendor: "n/a", versions: [ { status: "affected", version: "vRealize Log Insight 8.10.1 and prior", }, ], }, ], descriptions: [ { lang: "en", value: "The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.", }, ], problemTypes: [ { descriptions: [ { description: "VMware vRealize Log Insight Directory Traversal Vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-25T00:00:00", orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", shortName: "vmware", }, references: [ { url: "https://www.vmware.com/security/advisories/VMSA-2023-0001.html", }, ], }, }, cveMetadata: { assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", assignerShortName: "vmware", cveId: "CVE-2022-31703", datePublished: "2022-12-14T00:00:00", dateReserved: "2022-05-25T00:00:00", dateUpdated: "2024-08-03T07:26:01.029Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-31710
Vulnerability from cvelistv5
Published
2023-01-25 00:00
Modified
2025-04-01 15:28
Summary
vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service.
References
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | vRealize Log Insight (vRLI) | vRealize Log Insight 8.10.1 and prior |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:26:01.090Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.vmware.com/security/advisories/VMSA-2023-0001.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-31710", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-04-01T15:28:03.261517Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-01T15:28:35.065Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "vRealize Log Insight (vRLI)", vendor: "n/a", versions: [ { status: "affected", version: "vRealize Log Insight 8.10.1 and prior", }, ], }, ], descriptions: [ { lang: "en", value: "vRealize Log Insight contains a deserialization vulnerability. 
An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service.", }, ], problemTypes: [ { descriptions: [ { description: "VMware vRealize Log Insight Deserialization Vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-25T00:00:00.000Z", orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", shortName: "vmware", }, references: [ { url: "https://www.vmware.com/security/advisories/VMSA-2023-0001.html", }, ], }, }, cveMetadata: { assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", assignerShortName: "vmware", cveId: "CVE-2022-31710", datePublished: "2023-01-25T00:00:00.000Z", dateReserved: "2022-05-25T00:00:00.000Z", dateUpdated: "2025-04-01T15:28:35.065Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-31706
Vulnerability from cvelistv5
Published
2023-01-25 00:00
Modified
2025-04-02 13:25
Summary
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
References
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | vRealize Log Insight (vRLI) | vRealize Log Insight 8.10.1 and prior |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:26:01.050Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.vmware.com/security/advisories/VMSA-2023-0001.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-31706", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-04-02T13:25:20.491171Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-02T13:25:27.733Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, references: [ { tags: [ "exploit", ], url: "https://packetstorm.news/files/id/174606", }, ], title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "vRealize Log Insight (vRLI)", vendor: "n/a", versions: [ { status: "affected", version: "vRealize Log Insight 8.10.1 and prior", }, ], }, ], descriptions: [ { lang: "en", value: "The vRealize Log Insight contains a Directory Traversal Vulnerability. 
An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.", }, ], problemTypes: [ { descriptions: [ { description: "VMware vRealize Log Insight Directory Traversal Vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-11T18:06:38.043Z", orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", shortName: "vmware", }, references: [ { url: "https://www.vmware.com/security/advisories/VMSA-2023-0001.html", }, { url: "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html", }, ], }, }, cveMetadata: { assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", assignerShortName: "vmware", cveId: "CVE-2022-31706", datePublished: "2023-01-25T00:00:00.000Z", dateReserved: "2022-05-25T00:00:00.000Z", dateUpdated: "2025-04-02T13:25:27.733Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-3954
Vulnerability from cvelistv5
Published
2020-04-15 17:17
Modified
2024-08-04 07:52
Summary
Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.
References
URL | Tags |
---|---|
https://www.vmware.com/security/advisories/VMSA-2020-0007.html | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | VMware vRealize Log Insight | VMware vRealize Log Insight prior to 8.1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:52:20.507Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.vmware.com/security/advisories/VMSA-2020-0007.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "VMware vRealize Log Insight", vendor: "n/a", versions: [ { status: "affected", version: "VMware vRealize Log Insight prior to 8.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.", }, ], problemTypes: [ { descriptions: [ { description: "Stored XSS", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-15T17:17:17", orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", shortName: "vmware", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.vmware.com/security/advisories/VMSA-2020-0007.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@vmware.com", ID: "CVE-2020-3954", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "VMware vRealize Log Insight", version: { version_data: [ { version_value: "VMware vRealize Log Insight prior to 8.1.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Stored XSS", }, ], }, ], }, references: { reference_data: [ { name: "https://www.vmware.com/security/advisories/VMSA-2020-0007.html", refsource: "MISC", url: "https://www.vmware.com/security/advisories/VMSA-2020-0007.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: 
"dcf2e128-44bd-42ed-91e8-88f912c1401d", assignerShortName: "vmware", cveId: "CVE-2020-3954", datePublished: "2020-04-15T17:17:17", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-08-04T07:52:20.507Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-31654
Vulnerability from cvelistv5
Published
2022-07-12 20:43
Modified
2024-08-03 07:26
Summary
VMware vRealize Log Insight in versions prior to 8.8.2 contains a stored cross-site scripting vulnerability due to improper input sanitization in configurations.
References
URL | Tags |
---|---|
https://www.vmware.com/security/advisories/VMSA-2022-0019.html | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | VMware vRealize Log Insight | VMware vRealize Log Insight prior to 8.8.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:26:00.962Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.vmware.com/security/advisories/VMSA-2022-0019.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "VMware vRealize Log Insight", vendor: "n/a", versions: [ { status: "affected", version: "VMware vRealize Log Insight prior to 8.8.2", }, ], }, ], descriptions: [ { lang: "en", value: "VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.", }, ], problemTypes: [ { descriptions: [ { description: "Stored cross-site scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-12T20:43:09", orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", shortName: "vmware", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.vmware.com/security/advisories/VMSA-2022-0019.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@vmware.com", ID: "CVE-2022-31654", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "VMware vRealize Log Insight", version: { version_data: [ { version_value: "VMware vRealize Log Insight prior to 8.8.2", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Stored cross-site scripting", }, ], }, ], }, references: { reference_data: [ { name: "https://www.vmware.com/security/advisories/VMSA-2022-0019.html", refsource: "MISC", url: 
"https://www.vmware.com/security/advisories/VMSA-2022-0019.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", assignerShortName: "vmware", cveId: "CVE-2022-31654", datePublished: "2022-07-12T20:43:09", dateReserved: "2022-05-25T00:00:00", dateUpdated: "2024-08-03T07:26:00.962Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-31655
Vulnerability from cvelistv5
Published
2022-07-12 20:44
Modified
2024-08-03 07:26
Summary
VMware vRealize Log Insight in versions prior to 8.8.2 contains a stored cross-site scripting vulnerability due to improper input sanitization in alerts.
References
URL | Tags |
---|---|
https://www.vmware.com/security/advisories/VMSA-2022-0019.html | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | VMware vRealize Log Insight | VMware vRealize Log Insight prior to 8.8.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:26:00.954Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.vmware.com/security/advisories/VMSA-2022-0019.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "VMware vRealize Log Insight", vendor: "n/a", versions: [ { status: "affected", version: "VMware vRealize Log Insight prior to 8.8.2", }, ], }, ], descriptions: [ { lang: "en", value: "VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.", }, ], problemTypes: [ { descriptions: [ { description: "Stored cross-site scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-12T20:44:46", orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", shortName: "vmware", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.vmware.com/security/advisories/VMSA-2022-0019.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@vmware.com", ID: "CVE-2022-31655", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "VMware vRealize Log Insight", version: { version_data: [ { version_value: "VMware vRealize Log Insight prior to 8.8.2", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Stored cross-site scripting", }, ], }, ], }, references: { reference_data: [ { name: "https://www.vmware.com/security/advisories/VMSA-2022-0019.html", refsource: "MISC", url: 
"https://www.vmware.com/security/advisories/VMSA-2022-0019.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", assignerShortName: "vmware", cveId: "CVE-2022-31655", datePublished: "2022-07-12T20:44:46", dateReserved: "2022-05-25T00:00:00", dateUpdated: "2024-08-03T07:26:00.954Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-5332
Vulnerability from cvelistv5
Published
2016-08-31 01:00
Modified
2024-08-06 01:00
Summary
Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors.
References
URL | Tags |
---|---|
http://www.securitytracker.com/id/1036619 | vdb-entry, x_refsource_SECTRACK |
http://www.vmware.com/security/advisories/VMSA-2016-0011.html | x_refsource_CONFIRM |
http://www.securityfocus.com/bid/92448 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T01:00:57.988Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1036619", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036619", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/security/advisories/VMSA-2016-0011.html", }, { name: "92448", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/92448", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-08-11T00:00:00", descriptions: [ { lang: "en", value: "Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-15T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "1036619", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036619", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/security/advisories/VMSA-2016-0011.html", }, { name: "92448", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/92448", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-5332", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Directory traversal vulnerability in VMware vRealize 
Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1036619", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036619", }, { name: "http://www.vmware.com/security/advisories/VMSA-2016-0011.html", refsource: "CONFIRM", url: "http://www.vmware.com/security/advisories/VMSA-2016-0011.html", }, { name: "92448", refsource: "BID", url: "http://www.securityfocus.com/bid/92448", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-5332", datePublished: "2016-08-31T01:00:00", dateReserved: "2016-06-07T00:00:00", dateUpdated: "2024-08-06T01:00:57.988Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-2081
Vulnerability from cvelistv5
Published
2016-07-03 01:00
Modified
2024-08-05 23:17
Summary
Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
URL | Tags |
---|---|
http://www.vmware.com/security/advisories/VMSA-2016-0008.html | x_refsource_CONFIRM |
http://www.securitytracker.com/id/1036078 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:17:50.558Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/security/advisories/VMSA-2016-0008.html", }, { name: "1036078", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036078", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-06-09T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-31T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/security/advisories/VMSA-2016-0008.html", }, { name: "1036078", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036078", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-2081", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", 
value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.vmware.com/security/advisories/VMSA-2016-0008.html", refsource: "CONFIRM", url: "http://www.vmware.com/security/advisories/VMSA-2016-0008.html", }, { name: "1036078", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036078", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-2081", datePublished: "2016-07-03T01:00:00", dateReserved: "2016-01-26T00:00:00", dateUpdated: "2024-08-05T23:17:50.558Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-22021
Vulnerability from cvelistv5
Published
2021-08-30 18:06
Modified
2024-08-03 18:30
Summary
VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link.
References
URL | Tags |
---|---|
https://www.vmware.com/security/advisories/VMSA-2021-0019.html | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | VMware vRealize Log Insight | VMware vRealize Log Insight (8.x prior to 8.4) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T18:30:23.931Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.vmware.com/security/advisories/VMSA-2021-0019.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "VMware vRealize Log Insight", vendor: "n/a", versions: [ { status: "affected", version: "VMware vRealize Log Insight (8.x prior to 8.4)", }, ], }, ], descriptions: [ { lang: "en", value: "VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link.", }, ], problemTypes: [ { descriptions: [ { description: "Cross Site Scripting (XSS) vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-30T18:06:13", orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", shortName: "vmware", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.vmware.com/security/advisories/VMSA-2021-0019.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@vmware.com", ID: "CVE-2021-22021", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "VMware vRealize Log Insight", version: { version_data: [ { version_value: "VMware vRealize Log Insight (8.x prior to 8.4)", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. 
An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross Site Scripting (XSS) vulnerability", }, ], }, ], }, references: { reference_data: [ { name: "https://www.vmware.com/security/advisories/VMSA-2021-0019.html", refsource: "MISC", url: "https://www.vmware.com/security/advisories/VMSA-2021-0019.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", assignerShortName: "vmware", cveId: "CVE-2021-22021", datePublished: "2021-08-30T18:06:13", dateReserved: "2021-01-04T00:00:00", dateUpdated: "2024-08-03T18:30:23.931Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-22035
Vulnerability from cvelistv5
Published
2021-10-13 15:50
Modified
2024-08-03 18:30
Summary
VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV (Comma Separated Value) injection vulnerability in the interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in the user's environment.
References
URL | Tags |
---|---|
https://www.vmware.com/security/advisories/VMSA-2021-0022.html | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | VMware vRealize Log Insight | VMware vRealize Log Insight (8.x prior to 8.6) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T18:30:24.009Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.vmware.com/security/advisories/VMSA-2021-0022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "VMware vRealize Log Insight", vendor: "n/a", versions: [ { status: "affected", version: "VMware vRealize Log Insight (8.x prior to 8.6)", }, ], }, ], descriptions: [ { lang: "en", value: "VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.", }, ], problemTypes: [ { descriptions: [ { description: "CSV injection vulnerability in Log Insight", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-13T15:50:54", orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", shortName: "vmware", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.vmware.com/security/advisories/VMSA-2021-0022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@vmware.com", ID: "CVE-2021-22035", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "VMware vRealize Log Insight", version: { version_data: [ { version_value: "VMware vRealize Log Insight (8.x prior to 8.6)", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. 
An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CSV injection vulnerability in Log Insight", }, ], }, ], }, references: { reference_data: [ { name: "https://www.vmware.com/security/advisories/VMSA-2021-0022.html", refsource: "MISC", url: "https://www.vmware.com/security/advisories/VMSA-2021-0022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", assignerShortName: "vmware", cveId: "CVE-2021-22035", datePublished: "2021-10-13T15:50:54", dateReserved: "2021-01-04T00:00:00", dateUpdated: "2024-08-03T18:30:24.009Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }